Summary of the invention
In view of the problems referred to above, the object of this invention is to provide a remote desktop access system for mobile phone terminal users that guarantees the security of Internet transmission while letting the mobile phone user reach other network resources without having to configure a VPN (Virtual Private Network) network on the phone.
To achieve the above object, the present invention adopts the following technical scheme: a remote desktop access system for mobile phone terminal users, characterized in that it comprises a mobile phone terminal, a mobile phone desktop application apparatus, a virtual private network access gateway and a remote computer terminal. The mobile phone desktop application apparatus comprises a gateway login module, a host login module, a listening server setup module, an operation module and an SSL (Secure Sockets Layer) control thread setup module. After configuration, the mobile phone terminal passes the login information entered by the user to the mobile phone desktop application apparatus; the mobile phone desktop application apparatus verifies the login data using the remote desktop access method; the verified login data is passed to the configured virtual private network access gateway; the virtual private network access gateway confirms the login data; and finally the desktop information of the remote computer terminal is sent to the mobile phone terminal.
The configuration of the mobile phone terminal comprises the following steps:
1) copy the RDP installation file to the mobile phone terminal and run it to install the RDP client software;
2) copy both the mobile phone desktop application client Pocket PC ARM (Advanced RISC Machines) processor software installation package and the mobile phone desktop application client Smart Phone ARM processor software installation package to the mobile phone terminal;
3) if the mobile phone uses the Pocket PC platform, install the mobile phone desktop application client Pocket PC ARM processor software installation package; if it uses the Smart Phone platform, install the mobile phone desktop application client Smart Phone ARM processor software installation package.
The configuration of the virtual private network access gateway comprises the following steps:
A) first create a virtual site on the virtual private network access gateway, then import the mobile phone desktop thin-client support module in the thin-client support module of global configuration mode;
B) enable the mobile phone desktop thin-client support module in the thin-client support module of virtual site configuration mode;
C) on the configuration page of the virtual private network access gateway, configure the thin-client support module: first click the Import button to write the configuration string generated by the mobile phone desktop thin-client support module into the policy ActiveX control; then click the Export button to export the configuration string from the policy ActiveX control and write it into the configuration of the virtual private network access gateway; finally save the configuration.
The remote desktop access method comprises the following steps:
I) after the mobile phone desktop application apparatus starts, the gateway login module prompts the user to enter the IP address of the virtual private network access gateway and the username and password for logging into it; the wireless communication network at the location of the mobile phone terminal is started; if the wireless communication network starts successfully, step II) is performed and at the same time the SSL control thread setup module is started to establish the SSL control thread; otherwise step I) is repeated;
II) the host login module prompts the user to enter the IP address or host name of the remote computer terminal to be logged into;
III) the operation module starts the RDP client software, obtains its handle and makes the RDP client software establish a socket connection with the mobile phone desktop application apparatus; the listening server setup module sets up a proxy server listening on the local address and obtains the random port number being listened on; the RDP client software is then operated to establish a socket connection with the listening server setup module;
IV) the listening server setup module forwards the login data for logging into the remote computer terminal, as entered by the user, to the SSL control thread setup module, which encrypts the login data using the SSL protocol;
V) the SSL control thread setup module sends the encrypted login data to the virtual private network access gateway; the virtual private network access gateway performs SSL decryption on the login data and then sends it to the remote computer terminal; the remote computer terminal confirms the decrypted login data; if confirmation succeeds, the desktop information of the remote computer terminal is sent to the mobile phone terminal; otherwise, return to step I).
The virtual private network access gateway is an Array SPX series SSL VPN access gateway.
Having adopted the above technical scheme, the present invention has the following advantages. 1. Because the data transmission is encrypted and decrypted using the SSL protocol, the data is protected from interception and eavesdropping during network transmission. 2. The login data is encrypted based on the SSL (Secure Sockets Layer) protocol, the encrypted data is then handed to the transport layer, and the internal LAN is reached through the gateway; therefore the mobile phone terminal can access the remote computer terminal without having to configure a VPN network. The present invention simplifies the prior-art process of accessing a remote desktop: the mobile phone user can reach a workstation on the company's internal network without configuring a VPN network.
Embodiment
The present invention is described in detail below in conjunction with the drawings and embodiments.
As shown in Figure 1, the remote desktop secure access system of the present invention comprises: mobile phone terminal 1, mobile phone desktop application apparatus 2, virtual private network access gateway 3 and remote computer terminal 4. Mobile phone terminal 1 connects to virtual private network access gateway 3 through mobile phone desktop application apparatus 2, and virtual private network access gateway 3 in turn connects to remote computer terminal 4. Over this connection channel mobile phone terminal 1 can communicate with remote computer terminal 4 to access network resources, send and receive mail, make the PPT presentations it needs and write documents with Microsoft Word, among other functions. Mobile phone desktop application apparatus 2 comprises: gateway login module 21, host login module 22, listening server setup module 23, operation module 24 and SSL (Secure Sockets Layer) control thread setup module 25.
Mobile phone desktop application apparatus 2 of the present invention supports the Windows Mobile operating system. When remote computer terminal 4 is to be accessed from mobile phone terminal 1, mobile phone terminal 1 must first be configured as follows: the WM6RDP (Windows Mobile 6 RDP) installation file is copied to mobile phone terminal 1 and run to install the MSRDP (Microsoft RDP) client software. Mobile phone desktop application apparatus 2 is then configured: the Desktop Direct Mobile Client PPC.ARM (mobile phone desktop application client for Pocket PC, ARM processor; ARM: Advanced RISC Machines) software installation package and the Desktop Direct Mobile Client SP.ARM (mobile phone desktop application client for Smart Phone, ARM processor) software installation package are both copied to mobile phone terminal 1. If mobile phone terminal 1 uses the PocketPC (Pocket Personal Computer) platform, mobile phone desktop application apparatus 2 is installed by installing the Desktop Direct Mobile Client PPC.ARM package; if it uses the Smart Phone platform, mobile phone desktop application apparatus 2 is installed by installing the Desktop Direct Mobile Client SP.ARM package.
Virtual private network access gateway 3 is configured as follows:
1) first create a virtual site on virtual private network access gateway 3, then import mobile phone desktop TCS module 31 in the TCS (Thin Client Support) module of global configuration mode; mobile phone desktop TCS module 31 is the application of the TCS module's function to the mobile phone. In the embodiment of the present invention, virtual private network access gateway 3 is an Array SPX series SSL VPN (Secure Sockets Layer Virtual Private Network) access gateway. The Array SPX series SSL VPN access gateway is a security product dedicated to data access control; it provides scalable access for remote and local users while guaranteeing the security of the data transmission and a short application response time.
2) enable mobile phone desktop TCS module 31 in the TCS module of virtual site configuration mode.
3) on the configuration page of virtual private network access gateway 3, configure the TCS module: first click the Import button to write the configuration string generated by mobile phone desktop TCS module 31 into the policy ActiveX control; then click the Export button to export the configuration string from the ActiveX control and write it into the configuration of the virtual private network access gateway; finally save the configuration.
As shown in Figures 2 and 3, the login information entered by the user on mobile phone terminal 1 is passed to mobile phone desktop application apparatus 2; mobile phone desktop application apparatus 2 verifies the login data using the remote desktop access method; the verified login data is passed to the configured virtual private network access gateway; the virtual private network access gateway confirms the login data; and finally the desktop information of remote computer terminal 4 is sent to mobile phone terminal 1. The concrete steps of the remote desktop access method are as follows:
I) after mobile phone desktop application apparatus 2 starts, gateway login module 21 prompts the user to enter the IP (Internet Protocol) address of virtual private network access gateway 3 and the username and password for logging into virtual private network access gateway 3; the wireless communication network at the location of mobile phone terminal 1, such as GPRS, EDGE, 3G or WiFi, is started; if the wireless communication network starts successfully, step II) is performed and at the same time SSL control thread setup module 25 is started to establish the SSL control thread; otherwise step I) is repeated.
II) host login module 22 prompts the user to enter the login data for remote computer terminal 4, i.e. its IP address or host name.
III) operation module 24 starts the MSRDP client software, obtains its handle and makes the MSRDP client software establish a socket connection with mobile phone desktop application apparatus 2; listening server setup module 23 sets up a proxy server listening on the local address and obtains the random port number being listened on; the MSRDP client software is operated to establish a socket connection with listening server setup module 23.
IV) listening server setup module 23 forwards the login data for logging into remote computer terminal 4, as entered by the user, to SSL control thread setup module 25, which encrypts the login data using the SSL protocol;
V) SSL control thread setup module 25 sends the encrypted login data to virtual private network access gateway 3; virtual private network access gateway 3 performs SSL decryption on the login data and then sends it to remote computer terminal 4; remote computer terminal 4 confirms the decrypted login data; if confirmation succeeds, the desktop information of remote computer terminal 4 is sent to mobile phone terminal 1; otherwise, return to step I).
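Steps III) to V) above, like steps III) to V) of the summary, describe one well-known pattern: a proxy listening on the loopback address and a kernel-chosen port, to which the unmodified RDP client connects, with the proxy carrying the client's bytes to the gateway inside an SSL/TLS session and the gateway decrypting them before forwarding to the remote host. The following Python is an added illustration written for this page; it is not code from the patent or from the Array SPX product. It assumes that the gateway's thin-client support accepts the RDP stream unmodified inside the TLS session (the actual framing established by the TCS module and the ActiveX configuration string is not described on this page), and the sample RDP bytes are constructed. It also shows the one check a practitioner would insist on and the patent text does not spell out: the phone side verifies the gateway's certificate and host name, because a tunnel to an unverified peer lets anyone on the GPRS or WiFi path impersonate the gateway and read the login data the tunnel exists to protect.

```python
"""Added example for this page: a loopback-to-TLS forwarder in the shape of
steps III) to V).  Not code from the patent or from the Array SPX product."""
import socket
import ssl
import threading

# Constructed sample traffic: an X.224 Connection Request and Connection
# Confirm in TPKT framing, the first exchange of an RDP session.
RDP_CONNECT_REQ = bytes.fromhex("0300000b06e00000000000")
RDP_CONNECT_CONF = bytes.fromhex("0300000b06d00000123400")


def open_local_listener():
    """Step III): a proxy server listening on the local address.  Binding port
    0 lets the kernel pick the 'random port number' the RDP client is then told
    to connect to; binding 127.0.0.1 keeps the plaintext leg off the radio."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def gateway_tls_context(ca_file=None):
    """Step IV): settings for the SSL control thread's session to the gateway.
    Certificate and host-name verification are the point of the exercise.
    ca_file is the CA that issued the gateway certificate (an assumption; None
    falls back to the system trust store)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def connect_gateway(ctx, host, port=443):
    """Open the encrypted leg; host must match the gateway certificate."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


def pump(src, dst, bufsize=4096):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so the far
    end sees the EOF as well.  Returns the number of bytes relayed."""
    total = 0
    try:
        while True:
            chunk = src.recv(bufsize)
            if not chunk:
                break
            dst.sendall(chunk)
            total += len(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass
    return total


def relay(client_sock, gateway_sock):
    """Steps IV) and V): RDP client -> gateway (encrypted on the way out when
    gateway_sock is a TLS socket) and gateway -> RDP client (decrypted)."""
    up = threading.Thread(target=pump, args=(client_sock, gateway_sock))
    down = threading.Thread(target=pump, args=(gateway_sock, client_sock))
    up.start()
    down.start()
    up.join()
    down.join()
    client_sock.close()
    gateway_sock.close()


def serve_one(gateway_host, gateway_port=443, ca_file=None):
    """Whole flow: accept the single connection the RDP client makes to the
    loopback port, then bridge it into the verified TLS session."""
    srv, port = open_local_listener()
    print("point the RDP client at 127.0.0.1:%d" % port)
    client, _ = srv.accept()
    srv.close()
    gw = connect_gateway(gateway_tls_context(ca_file), gateway_host, gateway_port)
    relay(client, gw)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        part = sock.recv(n - len(buf))
        if not part:
            break
        buf += part
    return buf


def demo_relay():
    """Offline check of the relay with socket pairs standing in for the RDP
    client and the gateway.  Returns (bytes the gateway saw, bytes the client
    saw, whether the client's hang-up reached the gateway side)."""
    client_end, proxy_client_side = socket.socketpair()
    proxy_gw_side, gateway_end = socket.socketpair()
    worker = threading.Thread(target=relay, args=(proxy_client_side, proxy_gw_side))
    worker.start()
    client_end.sendall(RDP_CONNECT_REQ)
    seen_by_gateway = _recv_exact(gateway_end, len(RDP_CONNECT_REQ))
    gateway_end.sendall(RDP_CONNECT_CONF)
    seen_by_client = _recv_exact(client_end, len(RDP_CONNECT_CONF))
    client_end.shutdown(socket.SHUT_WR)          # RDP client hangs up
    eof_propagated = gateway_end.recv(1) == b""  # gateway side sees the EOF
    gateway_end.close()
    worker.join(5)
    client_end.close()
    return seen_by_gateway, seen_by_client, eof_propagated


if __name__ == "__main__":
    print(demo_relay())
```

demo_relay() exercises the two-way relay and EOF propagation without a gateway; serve_one() is the entry point that matches the patent's flow. Forwarding only to 127.0.0.1 plus certificate verification together mean that the RDP login data is in the clear only inside the phone and inside the gateway, which is the property the advantages section claims.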
The system of the present invention is further illustrated below by means of an example.
First, virtual private network access gateway 3 is configured as follows:
A) first create a virtual site on the Array SPX series SSL VPN access gateway, then import mobile phone desktop TCS module 31 in the TCS module of global configuration mode.
B) enable mobile phone desktop TCS module 31 in the thin-client support of virtual site configuration mode.
C) in the TCS module configurator, first click the Import button, then click the Export button, and finally save the configuration.
After the above configuration is complete, the link through which the mobile phone terminal accesses the remote terminal desktop is established; the concrete steps are as follows:
i) as shown in Figure 4, because mobile phone terminal 1 uses the PocketPC platform, the WM6RDP installation file and the Desktop Direct Mobile Client PPC.ARM software installation package are copied to mobile phone terminal 1; the WM6RDP installation package is run first to install the MSRDP client software, then the Desktop Direct Mobile Client PPC.ARM installation package is run to install the Desktop Direct Mobile Client software.
ii) as shown in Figure 5, select the "Start/Programs" menu on mobile phone terminal 1 and run mobile phone desktop application apparatus 2; a shortcut to mobile phone desktop application apparatus 2 appears in the Start menu.
iii) as shown in Figure 6, enter the IP address of the Array SPX series SSL VPN access gateway to be connected to and the username and password required to access that device, then click the "Login" button to establish a secure VPN network connection with the Array SPX series SSL VPN access gateway.
iv) as shown in Figure 7, after the VPN network connection has been established successfully, continue by entering, as prompted by the interface, the IP address or host name of the remote terminal to be accessed, then click the "Connect" button.
v) as shown in Figure 8, the Array SPX series SSL VPN access gateway checks whether the username and password of remote computer terminal 4 are respectively identical to the username and password entered when the VPN network connection was established; if they are identical, the desktop of remote computer terminal 4 can be accessed directly through the SSO (single sign-on) function; otherwise, as shown in Figure 9, the desktop of remote computer terminal 4 can be logged into after the username and password of the remote terminal are entered correctly. The square in the lower right corner is used to move the position of the screen.
The embodiments of the method and apparatus of the invention serve only to illustrate the present invention; the structure, placement and connection of each component, and the arrangement and order of the method steps, may all vary. Every improvement and equivalent substitution made on the basis of the technical solution of the present invention falls within the scope of protection of the present invention.